On April 7, 2014, a critical security vulnerability in OpenSSL was publicly disclosed: Heartbleed (CVE-2014-0160). The vulnerability allows attackers to read the memory of servers running vulnerable OpenSSL versions.
What Is Heartbleed?
Heartbleed is a bug in the Heartbeat extension of OpenSSL. Due to a missing length check, an attacker can read up to 64 KB of server memory. This can include private keys, passwords, session cookies, and other sensitive data.
Affected Versions
OpenSSL versions 1.0.1 through 1.0.1f are affected. OpenSSL 0.9.8 and 1.0.0 are not affected.
Actions Taken by INGATE
Our technical team responded immediately after learning of the vulnerability:
- All managed servers were patched within a few hours
- SSL certificates on affected systems were reissued
- Customers with self-managed servers were notified by email
Recommendations for Root Server Customers
- Update OpenSSL to the patched version
- Restart all services that use OpenSSL
- Have your SSL certificates reissued
- Change all passwords as a precaution
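
A host-side check for the first two recommendations above, as an added example (not INGATE's own tooling). The function names are hypothetical, the affected range is the one stated in this advisory, and the process scan assumes a Linux /proc filesystem.

```shell
#!/bin/sh
# Added example: verify the "update" and "restart" steps on a Linux host.

# Classify an `openssl version` line against the range in this advisory
# (1.0.1 through 1.0.1f). Distribution packages may carry the fix without
# changing this string, so an in-range result means "check the package
# changelog", not proof that the host is still vulnerable.
classify_openssl_version() {
    local ver
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    case "$ver" in
        "")                                  echo "unknown" ;;
        1.0.1|1.0.1[a-f]|1.0.1-*|1.0.1[a-f]-*) echo "in-affected-range" ;;
        *)                                   echo "outside-affected-range" ;;
    esac
}

# Print PIDs that still map a libssl/libcrypto file that has been replaced
# on disk. After an upgrade the old library appears as "(deleted)" in
# /proc/<pid>/maps until the process is restarted, so these services are
# still running the old code. Statically linked binaries are not detected.
stale_openssl_pids() {
    local root maps pid
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq 'lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

heartbleed_host_check() {
    if command -v openssl >/dev/null 2>&1; then
        echo "openssl binary: $(classify_openssl_version "$(openssl version)")"
    else
        echo "openssl binary: not found in PATH"
    fi
    echo "PIDs still mapping a replaced libssl/libcrypto (restart these):"
    stale_openssl_pids /proc
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    heartbleed_host_check
fi
```

Run it as root with `--check` so that the maps files of all processes are readable; an empty PID list after the update means no running process is still using the replaced library.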
For questions or support, contact info@ingate.de.